Technology law blog by a Canadian information technology and intellectual property law lawyer and trade-mark agent dealing with issues including software, copyright, privacy, the Internet, electronic commerce, computers

Archives

Feeds

Follow me on Twitter

Friday July 31 is the 16th annual SysAdmin Day. A day to show our appreciation to the IT professionals who keep our computers, networks and apps working. For those of us who push the tech envelope a bit beyond a typical office setup, our thanks for not rolling their eyes every time we ask them for something new and different. And our thanks for using us as the test platform for new stuff.

In the interest of using your SysAdmin’s time most effectively, take a look at this amusing list.

From time to time various law enforcement and government types whine that encryption is a bad thing because it allows criminals to hide from authorities. That is usually followed by a call for security backdoors that allow government authorities to get around the security measures.

That’s a really bad idea – or as Cory Doctorow puts it in a post entitled Once Again: Crypto backdoors are an insane, dangerous idea: “Among cryptographers, the idea that you can make cryptosystems with deliberate weaknesses intended to allow third parties to bypass them is universally considered Just Plain Stupid.”

They build in a vulnerability to exploit – there are enough problems keeping things secure already. And the thought that government authorities can be trusted to use that backdoor only for the “right” purposes, and to keep the backdoor out of the hands of others is wishful thinking.

The Intercept has an article entitled Chatting in Secret While We’re All Being Watched that’s a good read for anyone interested in how to keep communications private. It was written by Micah Lee, who works with Glenn Greenwald to ensure their communications with Edward Snowden are private.

Even if you don’t want to read the detailed technical instructions on how to go about it, at least read the first part of the article that explains at a high level how communications can be intercepted, and the steps needed to stop that risk.

Communicating in secret is not easy. It takes effort to set it up, and it’s easy to slip up along the way. As is usually the case in any kind of security – physical or electronic – its about raising the difficulty level for someone to breach the security. The more efforts someone might take to try to intercept your communications, the more work it takes to keep it secret. For example, you raise the sophistication level of the thief who might burglarize your house as you increase security – from locking your doors, to deadbolts, to break resistant glass, to alarms, etc. It doesn’t take much extra security to make the thief go to another house, but it may take a lot more if a thief wants something specific in your house .

Edward Snowden’s communications, for example, require very diligent efforts, given the resources that various authorities might use to intercept those communications.

It is common to register a corporate name as a trademark. That’s fine if it is actually used as a trademark – but mere use as a corporate name is not enough to amount to trademark use.

Similarly, mere use of the trademark within an email or other text is not enough if it looks like the rest of the text. It must somehow look different than the rest of the text.

For example, if your company name is Abcd Widgets Inc, and your trademark is ABCD, the use of Abcd Widgets Inc. is not use of the trademark. ABCD must be used independently. And in text, using abcd is not use, but using ABCD may be, as it looks different than the surrounding text (unless, of course, the rest is in all caps as well.)

Several amendments were made last week to PIPEDA, the federal private sector privacy legislation. This has been sitting around in draft for a long time. Except for sections creating a new mandatory breach notification scheme, the amendments are now in force. The breach notification scheme requires some regulations before it comes into effect. More on that at the end of this post.

Several of these changes were long overdue, and bring PIPEDA more in line with some of the Provincial Acts that were drafted after PIPEDA.

Here are some of the highlights that are in force now:

The business contact exception from the definition of personal information has been broadened.

Provisions have been added to allow the transfer of personal information to an acquiring business for both diligence and closing purposes. Most have been approaching this in a similar way, but vendors/purchasers, and their counsel should make sure they comply with the exact requirements.

A new section says consent is only valid if the individual would understand what they are consenting to. This speaks to the clarity of the explanation, and is particularly important when dealing with children.

Several new exceptions to the collection, use and disclosure of personal information without consent have been added. Such as witness statements, communication to next of kin of ill or deceased persons, and fraud prevention.

The Commissioner now has a compliance agreement remedy.

The breach notification sections that come into effect at a later date include:

Mandatory reporting to the Commissioner of a breach where “…it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.” That test is somewhat subjective, and will no doubt cause some consternation in practice. Guidance is included on relevant factors to consider and what constitutes “significant harm”.

The report must contain certain information and be on a form that will be in the regulations yet to be released.

Affected individuals must be similarly notified.

Businesses will be required to maintain records of “… every breach of security safeguards involving personal information under its control”, and provide a copy to the Commissioner on request. Note that this is “every” breach without regard to a harm threshold. This could pose a challenging compliance issue for large organizations.

The whistleblowing provision has been amended to allow a complainant to “request” that their identity be kept confidential.

The section with the $100,000 fine for interfering with an investigation has been amended to make it an offence to contravene the reporting requirements. That will make the decision of whether a breach passes the reporting threshold a serious matter to ponder.

Yet in the United States, the USA Freedom Act was just passed that pulled back a bit on the ability of the NSA to collect domestic data.

There seems to be no evidence that all this invasive spying and data collection actually reduces or prevents terrorism or crime. The cost is enormous – both in terms of the direct cost of collecting, storing and analyzing it – and the costs to the economy. A new report from the Information Technology and Innovation Foundation says that US companies will likely lose more than $35 billion in foreign business as a result of NSA operations.

And that’s not to mention the cost to civil liberties and privacy. As many people have pointed out, 1984 was supposed to be a warning, not an instruction manual.

Ontario Privacy Commissioner Brian Beamish just released his first annual report.

It is an interesting read for anyone interested in access and privacy issues.

Topics include details on some noteworthy access and privacy decisions, open government, police body cameras, sharing of CPIC information with US border officials, contents of police record checks, and comments on personal health privacy.

A common rebuke to self-driving cars are thoughts about cars behaving like computers – like freezing or rebooting while driving. Those make amusing sound bytes or twitter comments, but there is a grain of truth to it. Self driving technology has come a long way, but while computers and software can follow programmed instructions, and can learn over time, humans are still better at many things.

An article in the New York Times entitled Why Robots Will Always Need Us does a good job of putting this in context, in part by the experience of aircraft.

Author Nicholas Carr points out that:

Pilots, physicians and other professionals routinely navigate unexpected dangers with great aplomb but little credit. Even in our daily routines, we perform feats of perception and skill that lie beyond the capacity of the sharpest computers. … Computers are wonderful at following instructions, but they’re terrible at improvisation. Their talents end at the limits of their programming.

and

In 2013, the Federal Aviation Administration noted that overreliance on automation has become a major factor in air disasters and urged airlines to give pilots more opportunities to fly manually.

That’s not to say that we should smugly dismiss automation or technology. Lawyers, for example, who dismiss the ability of software to replace certain things we do are in for a rude awakening.

In general, computer code is never bug free, is never perfect, and is not able to do certain things. (You can say the same for us humans, though.) For example, the aircraft industry spends huge amounts of time and money testing the software that operates aircraft. On the other hand, the types of things computers can do well are increasing, and will increase over time. At some point there may be breakthroughs that make computers more reliable and better at the things us humans are more adept at. But we are not there yet.

Depending on how you define a self driving car – probably sooner than you think.

Sometimes new technology seems to come out of nowhere, but it often creeps up on us. Legal disruptions that new tech spawns often follows the same path – usually a combination of lagging behind new technology, and getting in the way of new technology.

Current advances that come to mind include smart watches, drones, electric cars, and Tesla’s Powerwall.

Take self driving cars for example.

Its not as if we will go directly from a totally human driven car to a totally autonomous car. They will creep up on us. The Google self driving car gets a lot of press, and understandably so, but mainstream auto makers are rolling out these features now. We already have cars with features such as self parking, adaptive cruise control, cross traffic alerts, and lane departure warnings. Over time these will morph from warning systems to taking control for a brief time to driving for longer period of time. Self driving will start on highways before it moves to city driving.

This means that if someone does a google search from a mobile device, a site that is mobile friendly will appear higher in the search results than one that is not mobile friendly and would otherwise rank the same.

Given the high and trending higher percentage of time people use phones and tablets for search compared to PC’s, it is increasingly important that web sites be mobile friendly.